Wednesday, December 10, 2014

Privacy on the web and on mobile devices is a growing concern. More people are sharing more aspects of their lives on their mobile devices and the web without knowing exactly what can happen. This paper will identify the general “privacy” problem; provide some specific examples where web and mobile users are at risk; and attempt to identify some potential solutions.

Introduction

“Privacy is considered a core value in democratic societies and is recognized either explicitly or implicitly as a fundamental human right by most constitutions of democratic societies. [2]” There is no clear definition of privacy. Different sources give similar but not identical definitions. Some researchers [7] view it as either “the right to be left alone” or “the right to control what information is known about them.” Other researchers [2] give a similar definition, describing privacy in two aspects, “informational privacy” and “spatial privacy”. One really good question was asked [7]: “Is privacy one of the unalienable rights to all citizens?” If it is, then there are mobile and web privacy-related issues that need to be taken into deep consideration. It is, indeed, implied [2] that privacy is a core value in democratic societies.

There has been research [7] into the foundation of privacy rights. US laws are built upon the principles stated in the Constitution, Declaration of Independence & Bill of Rights. However, there was no direct mention of the term privacy in either the Constitution or Declaration of Independence [13]. The US Bill of Rights [16] states that “private property [should not] be taken for public use, without just compensation” in Amendment V.

The laws that do exist are considered a patchwork and some are not fit for the web and mobile devices [7]. Further, it is suggested that the laws will become too complex and possibly ineffective. There is an abundance of laws related to privacy, but no general law. Further, research suggests that a general law will not be effective either [7]. One proposed solution would break up a general privacy law into realm levels, with guidelines in each realm, and that would be more effective [7]. Google’s new privacy policy has a one-size-fits-all general policy and sub-privacy policies for specific services that either extend or overwrite the general policy [17]. Google’s method appears to be appropriate, and the US in its entirety should make a general privacy policy with some policies that override it for specific situations. This is similar to the idea put forth by [7].

Current Privacy Laws

Most states have enacted laws to require companies to notify customers that their personal information has been breached. Anton, Earp, & Young [10] concluded that it is plausible that these laws led to more breaches being reported. This data can be visualized in [10].

The US has some privacy related laws [7]:

The US Constitution (Amendment IV) secures the right of the people to be secure against unreasonable searches and seizures
Privacy Act of 1974
Computer Security Act of 1988

Security freeze laws were put into place allowing users to prevent any accounts being opened in their name. According to [11], Alabama, Michigan, and Missouri have not yet adopted a security freeze law, but since this paper was published, Missouri has passed such a law. However, the consumer agencies allow anybody from any state to set a security freeze on their account [10].

The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information [12]. There is no general law that forces companies to notify their customers of their privacy practices other than for medical-related information. There are many federal and state laws that are related to the privacy of users’ data [13].

Among users’ privacy concerns, the top concern was information transfer, followed by notice/awareness, then information storage and access/participation; the fifth concern is information collection, and the least concern is personalization [10].

Personalization is when a website changes based on the user’s behavior. Even though this is the least of users’ concerns, users were concerned about personalization in 2002 and even more in 2008 [10]. This could come from users’ perception of being a victim of the website’s targeting.

It was stated [2] that “privacy can only be effectively protected by a holistic approach comprising both legal and technical means of protection.”

Common Threats

“New users of the Internet generally do not realize that every post they make to a newsgroup, every piece of email they send, every [WWW] page they access, and every item they purchase online could be monitored or logged by some unseen third party. [1]” Whether it is from their mobile device or their desktop computer, it is evident that users are at risk.

“Long-term databases threaten your ability to choose what you would like to disclose from your past. [1]” A post that you made after a few drinks when you were 21 could come back to haunt you at your job when you are 30. Further, advanced search technology could turn up a post or picture of you that a family member or friend posted in the past without your knowledge or permission. This may cause harm at your place of work or in a relationship. Other problems include sites that allow anybody to locate another person’s address online. This could allow stalkers or an ex to identify and locate their victims.

There have been many specific examples of government employees abusing government databases of information [1]:

IRS employees making illegal queries
SSA employees making illegal queries
AIDS patients’ records have been leaked
The FBI has been known to spy on politicians
The NSA has been known to spy on other domestic targets
Bill Clinton’s Democratic administration was found to have unauthorized secret dossiers on Republican opponents

Vulnerabilities

Mulliner [9] found that private information was sent to the websites that the user visited through the HTTP proxy headers. They concluded that the mobile network carriers appended this information, rather than the phone sending it directly. They showed a detailed example of how the MSISDN, which contains the user’s phone number, is sent out. They showed that a website could collect this information and, in some cases, perform a reverse phone number lookup. The “reverse phone number lookup” reveals information such as first and last name and sometimes the user’s address. The solution presented [9] is for the mobile network operators to not inject this data into the headers. Alternatively, the data would only be included inside the mobile carrier network and only be sent to currently authorized third parties. The user has no way to prevent this from happening.
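One way an operator could implement the mitigation described above at an egress proxy, shown as an added example that is not code from this post or from [9]: subscriber-identifying headers are stripped unless the destination is an authorized partner. The header names, the partner host and the sample request are constructed assumptions.

```python
import re

# Assumed header names for illustration; the post itself names only the MSISDN.
IDENTIFIER_HEADERS = {"x-msisdn", "x-up-calling-line-id", "x-nokia-msisdn", "x-wap-msisdn"}
# Hypothetical partner hosts that are authorized to receive subscriber identity.
AUTHORIZED_HOSTS = {"billing.partner.example"}
# Value shape of a phone number: optional '+', then 8 to 15 digits (E.164 length limit).
PHONE_LIKE = re.compile(r"^\+?\d{8,15}$")


def is_identifier(name, value):
    """True if a header carries, or looks like it carries, a subscriber number."""
    lname = name.lower()
    if lname in IDENTIFIER_HEADERS:
        return True
    # Heuristic for unknown vendor headers (X-...) with a phone-shaped value.
    compact = re.sub(r"[\s\-()]", "", value)
    return lname.startswith("x-") and bool(PHONE_LIKE.match(compact))


def filter_egress(host, headers):
    """Return (forwarded_headers, stripped_names) for a request leaving the carrier network."""
    if host.lower().rstrip(".") in AUTHORIZED_HOSTS:
        return list(headers), []
    kept, stripped = [], []
    for name, value in headers:
        if is_identifier(name, value):
            stripped.append(name)
        else:
            kept.append((name, value))
    return kept, stripped


# Constructed sample request, as a carrier proxy might see it after injection.
SAMPLE = [
    ("Host", "news.example"),
    ("User-Agent", "ExampleBrowser/1.0"),
    ("X-MSISDN", "15555550123"),
    ("X-Subscriber-Line", "+1 (555) 555-0123"),  # unknown name, phone-shaped value
    ("X-Request-Id", "7f3a9c"),
]

if __name__ == "__main__":
    kept, stripped = filter_egress("news.example", SAMPLE)
    print("stripped:", stripped)
    print("forwarded:", [name for name, _ in kept])
```

The value-shape heuristic can also strip a harmless all-digit header, so the stripped names should be logged and reviewed when tuning the list.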

Some security vulnerabilities were presented [8] in accessing social networks from mobile phones in which private information can be accessed by a third party. Three classes of privacy and security problems associated with mobile social networks were identified:

Further, [2] stated that “the current development of technologies has neglected to maintain the protection of individuals’ sovereignty over his/her private sphere and particularly individuals control over personal data that the real non-electronic world naturally and culturally provides.” Users are more vulnerable using web & mobile technologies and the laws have not adapted properly.

Tools & Solutions

The Platform for Privacy Preferences (P3P) [3] protocol would allow websites to publish their privacy policies in a machine-readable format. The visitor’s browser could then read this and compare it to the user’s settings. The drawback to this method is that there are no laws or regulations forcing websites to adhere to this policy if they use it [2].
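The comparison a user agent would make can be sketched with P3P's compact-policy form, which a site sends in a `P3P` response header. This is an added example, not part of the original post; modelling the user's settings as a set of refused tokens is an assumption, the token table is a subset, and the sample header is constructed.

```python
import re

# Subset of P3P 1.0 compact-policy tokens and what each one declares.
MEANINGS = {
    "TEL": "telemarketing", "CON": "contacting visitors for marketing",
    "UNR": "unrelated third parties", "PUB": "public forums",
    "OTR": "other recipients with different practices",
    "LOC": "location data", "HEA": "health data", "FIN": "financial data",
    "PHY": "physical contact information",
}

# Constructed sample value of a P3P response header.
SAMPLE_HEADER = 'CP="CAO DSP COR CUR ADM DEV TELi OUR UNR BUS LOC NAV"'


def parse_compact_policy(header_value):
    """Extract {token: consent} from a P3P header value; None if no CP is present."""
    match = re.search(r'CP\s*=\s*"([^"]*)"', header_value, re.IGNORECASE)
    if not match:
        return None
    tokens = {}
    for raw in match.group(1).split():
        # Purpose and recipient tokens may carry a consent suffix:
        # a = always, i = opt-in, o = opt-out. A bare token means "always".
        m = re.fullmatch(r"([A-Z]{3})([aio]?)", raw)
        if m:
            tokens[m.group(1)] = m.group(2) or "a"
    return tokens


def evaluate(header_value, refused, allow_opt_in=True):
    """Compare a site's declared policy with the tokens a user refuses.

    This checks only what the site declares; nothing here verifies that the
    site follows its policy, which is the drawback noted in the text.
    """
    tokens = parse_compact_policy(header_value)
    if tokens is None:
        return ["no compact policy published"]
    findings = []
    for tok in sorted(refused):
        if tok in tokens and not (allow_opt_in and tokens[tok] == "i"):
            findings.append(f"{tok}: {MEANINGS.get(tok, 'unknown token')}")
    return findings


if __name__ == "__main__":
    for finding in evaluate(SAMPLE_HEADER, {"TEL", "UNR", "LOC", "HEA"}):
        print("conflict with user settings:", finding)
```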

Other tools, such as PiML, would control the dissemination of a User Agent profile. The User Agent profile includes information such as location. PiML could be run as a proxy-based solution or as a solution built into the browser [2].

There is also a PRIME project, which is working on solutions that will provide users control over their personal data. It will also allow users to trace where the data about them is being sent [2].

Conclusion

Through the research presented in this paper, it is shown that privacy threats exist on the Web and on Mobile Devices. These threats were identified and a summary of them was presented. It was also shown that there are some ways to potentially prevent some of these threats either through individual or collective means.

Wednesday, October 22, 2014

Bitcoin has huge potential. The biggest benefit is getting rid of the banks’ fees on transactions. A lot of the problems that are talked about are not really problems. Two problems that I see with it are the lack of bitcoin spending getting reported on credit reports and not being able to spend borrowed bitcoin like people spend borrowed money on credit cards. These two issues are never spoken of. I have not heard anybody mention these two problems and therefore nobody has coined :) a possible solution. These are the two barriers that prevent me from using bitcoin for all of my purchases. Well, that and most places do not (yet) accept bitcoin. If I could get a Bitcoin credit line that reports my spending to the credit bureaus, I would use it all of the time. Having a spending history on your credit report is important when you go to apply for new credit. Creditors want to see that you have borrowed money and successfully paid it back. Being able to borrow money is very important. For some, it is the only way to get ahead and start a business of their own.

Saturday, September 6, 2014

Overview

This paper presents answers from Bill Buxton to some general questions that people asked him. Further, it goes into the history of multi-touch systems dating back to the early 1980s. A lot of interested parties asked Bill Buxton questions about multi-touch since he has been involved in the topic for a number of years.

Chronology of Systems

There were many interactive devices listed in this paper that were multi-touch systems, but not the standard flat-screen device that most people think of when they hear “multi-touch”. One good example is the electroacoustic music device they listed. It was not well implemented, but a device could be created where the input affords the sounds better than a standard keyboard.

Physical vs. Virtual

Bill Buxton discussed how virtual devices may not be ideal compared to real physical devices. This is definitely a con when thinking in terms of a flat multi-touch screen. For example, if a user were to play a race car game, a real physical steering wheel, like the one they have on the Wii, would probably be superior to a virtual steering wheel on the flat screen. Another example is an MP3 player that can be paused or have its volume changed with one hand while the device is still in a pocket. A pure touch screen would prevent such a thing. A pure touch screen MP3 player may cause some problems for someone at the gym, compared with one that has physical controls they can operate with one hand while the device is strapped to their arm.

Discussion

Thursday, May 3, 2012

Original Goal for the Application

The original goal for the application was to have a realistic bow and arrow that will shoot at a moving target.

Related Work

This application is a pretty straightforward game where a user has a ship that will shoot at a target out in space. There are several classic space shooter type games and some more modern games that are similar.

There is one game called “Gridwars” that is an interesting game. It has moving targets moving around a grid and when the bomb button is pressed, the grid moves in 3D destroying nearby objects.

There is a multi-touch “space wars” game where users are shooting things at each other (http://www.youtube.com/watch?v=U2NIZV8xqnY). There is a galaxy spinning in the background.

Lessons Learned During Project Implementation

It is time-consuming to get a project working appropriately with MS Visual Studio and C# for the MS Surface. This is the first time I worked with MS languages and tools, but it was similar to Java. Still, I mostly work with web programming languages and this is different.

It is time-consuming to get objects to appear to look like they are getting shot in 3D into a wormhole or black hole type structure. This version of the game is just making the shooting bullets move (kind of) towards the center and shrinking as they are moving away from the ship that is shooting them. It is extremely generic, but it would be a difficult task to implement the actual physics that I was looking for. This gives the general idea, however.

A good simple solution that would solve the problem of shooting missiles into a wormhole and look realistic would be to make a grid of missile sizes and directions that would map to the coordinates of the screen. Then, each update of the screen, the missiles would move and adjust size and that would make it more realistic. I’m sure there is also some algorithmic formula to move the missiles according to the physics of a wormhole.

Application Designed for the Surface

The application that I designed for the Surface is a simple two player game where the user controls their ship by moving it back and forth. The ship will automatically shoot bullets into a wormhole at a moving target. I tried to make it look like the bullets were falling into the wormhole and the target was moving around the wormhole.

The object of the game is for the two players to hit the target as many times as possible in a chosen time frame. There is a high score board so that the players can try to beat their past scores.